I would like to point out what security.tls.version.min actually
Setting security.tls.version.min to 1 allows TLSv1.0 to be used,
which is vulnerable to a similar padding oracle attack (and timing
oracle attacks) found long ago. You should be using a value of 2
for this setting.
On 10/16/2014 10:28 AM, Marco Galicia
change this option in about:config
As I know, a new vulnerability called poodle has been
discovered regadirng https. This vulnerabilty takes
advantage of the ssl 3.0, and forcecs the https protocol
to use this outdated protocol.
I have been told that a fix for this vulnerabilty is to
disable the use of this protocol in the web browsers.
shoulnd't iceweasel be recompiled to include this
option in the complilation settings??
Can it be done officially in debian??
Can this be done also for other web browsers??
If if is not possible to do ti officially??
How can i do it?? What would be the compilation
parameter, something like " /.config